- V3 Apps
Former home secretary David Blunkett revealed on Wednesday that the French authorities were in the habit of monitoring UK government emails.
Speaking at the McAfee Focus customer event in London, Blunkett related an anecdote about the time he and then French interior minister Nicolas Sarkozy were at loggerheads over the future of the Sangatte refugee camp which sprung up in the early 2000s.
Referring to part of the bargaining over how many refugees the UK would be forced to take, Blunkett said: "Sarkozy told me he already knew my bottom line."
Unsure whether he was bluffing, Blunkett pressed Sarkozy as to how he could possibly know this. The response? "Maybe it would be better to encrypt the emails you send to your embassy in Paris."
A few points emerge from this fascinating insight into government-level espionage. The first is that everyone is at it, even our supposed 'allies'. One would hope that the Home Office, and indeed every government department, does now encrypt its emails, especially those sent to certain IP addresses outside the country.
The anecdote also highlights, rather worryingly, the relative immaturity of the security industry. Just 10 years ago governments weren't encrypting emails. Who knows what safeguards are being overlooked today?
Advanced persistent threats (APTs) represent one of the most dangerous forms of attack on governments today. Given the modus operandi of a typical APT - lying low to avoid detection while lifting top secret information for months or even years - they can be challenging to combat.
If the initial malicious email attachment is not caught, either by email filters or vigilant and well educated staff, another potential way to discover attacks involves advanced user activity monitoring.
Whether government departments are actually using these tools and techniques or making do without despite the threats, as in Blunkett's day, remains to be seen.